<?php
/**
 * @CopyRight  (C)2012-2012 ThinkClouds Inc.
 * @WebSite    www.thinkclouds.net
 * @Author    Xu Xiangwu <xuxiangwu007@163.com>

 * @Update     2012.08.10
 * @Id         用户管理 (user management: registration, login, logout, profile update, password reset)
**/
// Refuse to run unless IN_PHPOE is defined (presumably by the including entry
// script -- TODO confirm), so the file cannot be requested directly.
defined('IN_PHPOE') or exit('Access Denied');

// Request parameters read through Core_Fun::rec_post():
//   $action selects which handler below runs,
//   $mod    is read here but not used again in this file,
//   $ckey   carries the password-reset token consumed by the "cgpw" handler.
$action = Core_Fun::rec_post('action');
$mod    = Core_Fun::rec_post('mod');
$ckey   = Core_Fun::rec_post('ckey');


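if($action == "reg"){
	// Registration handler: validates the submitted fields, rejects a user name
	// or e-mail address that is already taken, inserts the account row and
	// signs the new user in.
	//
	// $username, $password, $confirm_pw, $email, $sex, $age, $phone, $year,
	// $month, $day, $sheng, $shi, $qu, $street, $code, $url, $tag and $db are
	// not assigned in this file; presumably the including script fills them
	// from the request -- TODO confirm how, and whether they arrive escaped.
	//
	// NOTE(review): every check below relies on Core_Fun::halt() ending the
	// request. If it returns, execution falls through to the INSERT -- confirm.
	// NOTE(review): $confirm_pw is expected here (the original self-assigned it)
	// but is never compared with $password, and $age is never stored.
	$pri = $sheng;

	if($username == ""){
		Core_Fun::halt("用户名不能为空！","$url",1);
	}

	// Length policy kept as found (6..12 bytes). An upper bound this low limits
	// passphrase strength and is worth revisiting.
	$pw_len = strlen($password);
	if($pw_len < 6){
		Core_Fun::halt("密码太短！","$url",1);
	}elseif($pw_len > 12){
		Core_Fun::halt("密码太长！","$url",1);
	}

	if($email == ""){
		Core_Fun::halt("邮箱地址不能为空！","$url",1);
	}elseif(filter_var($email, FILTER_VALIDATE_EMAIL) === false){
		// The previous code ran its pattern only when '@' or '.' was missing
		// (or at offset 0), so any string containing both was accepted.
		// Syntax is now checked for every non-empty address.
		Core_Fun::halt("邮箱格式错误，请检查！","$url",1);
	}

	if($phone == ""){
		Core_Fun::halt("手机不能为空！","$url",1);
	}

	// NOTE(review): $username and $email are concatenated into SQL text. Unless
	// they are escaped before reaching this file, both lookups are injectable
	// (a syntactically valid e-mail address may still contain a single quote).
	// Use bound parameters if the $db wrapper offers them.
	$sql="SELECT * FROM oecms_user WHERE username='".$username."'";
	$email_sql="SELECT * FROM oecms_user WhERE email='".$email."'";
	$email_res=$db->checkdata($email_sql);
	$res = $db->checkdata($sql);
	if($res == false && $email_res == false){
		// NOTE(review): the password is stored exactly as submitted, and the
		// "login" handler compares it as-is, so the table holds plaintext
		// passwords. Moving to password_hash()/password_verify() needs a
		// coordinated change in the register, login and reset handlers.
		$array = array(
			'username'=>$username,
			'password'=>$password,
			'email'=>$email,
			'sex'=>$sex,
			'year'=>$year,
			'month'=>$month,
			'day'=>$day,
			'sheng'=>$pri,
			'phone'=>$phone,
			'shi'=>$shi,
			'qu'=>$qu,
			'street'=>$street,
			'code'=>$code,
			'date'=>time(),
		);
		$result = $db->insert('oecms_user',$array);
		if($result){
			// Issue a fresh session id before the session becomes an
			// authenticated one, so an id known before sign-up is not reused.
			if(session_id() !== '' && !headers_sent()){
				session_regenerate_id(true);
			}
			$_SESSION['username']=$username;
			// Read the row back to learn the id assigned by the database.
			$sql="SELECT * FROM oecms_user where username='".$username."'";
			$rs=$db->get_one($sql);
			$_SESSION['userid']=$rs['id'];
			$_SESSION['lgintime']=time();
			Core_Command::command_savetag("user",$tag);
			Core_Command::runlog("user","[".$username."]注册成功",0);
			Core_Fun::halt("注册成功","index.php",0);
		}else{
			Core_Fun::halt("注册失败","",1);
		}
	}else{
		Core_Fun::halt("该用户名或者邮箱地址已经被使用，请更换！","$url",1);
	}
}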

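if($action == "savemodify"){
	// Profile update handler: overwrites the contact and address fields of the
	// account identified by the session. Only the phone number is validated.
	$email    = Core_Fun::rec_post('email');
	$sex      = Core_Fun::rec_post('sex');
	$phone    = Core_Fun::rec_post('phone');
	$year     = Core_Fun::rec_post('year');
	$month    = Core_Fun::rec_post('month');
	$day      = Core_Fun::rec_post('day');
	$pri      = Core_Fun::rec_post('sheng');
	$shi      = Core_Fun::rec_post('shi');
	$qu       = Core_Fun::rec_post('qu');
	$street   = Core_Fun::rec_post('street');
	$code     = Core_Fun::rec_post('code');

	if(!Core_Fun::ischar($phone)){
		Core_Fun::halt("手机不能为空！","/",1);
	}

	// NOTE(review): unlike registration, the new e-mail address is neither
	// syntax-checked nor checked for uniqueness here, and no anti-CSRF token is
	// verified in this handler.

	// The session value is interpolated into SQL below, so force it to an
	// integer first; a missing value becomes 0 and takes the "not logged in"
	// branch. Assumes oecms_user.id is numeric (the original already used it
	// unquoted in the UPDATE condition).
	$uuid = isset($_SESSION['userid']) ? (int)$_SESSION['userid'] : 0;
	$sql="SELECT * FROM oecms_user WHERE id='".$uuid."'";
	$res = $db->checkdata($sql);
	if($res)
	{
		$array = array(
			'email'=>$email,
			'sex'=>$sex,
			'year'=>$year,
			'month'=>$month,
			'day'=>$day,
			'sheng'=>$pri,
			'phone'=>$phone,
			'shi'=>$shi,
			'qu'=>$qu,
			'street'=>$street,
			'code'=>$code,
		);

		// The table name was a bare word (an undefined constant): an Error on
		// PHP 8 and a notice plus string fallback before that. Quote it.
		$result = $db->update('oecms_user',$array,"id=".$uuid);
		if($result){
			Core_Fun::halt("用户资料更新成功","/",0);
		}
		else{
			Core_Fun::halt("请登录后再执行此操作！","/",0);
		}

	}else{
		Core_Fun::halt("请登录后再执行此操作！","/",0);
	}

}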

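if($action == "login"){
	// Login handler: looks for a row matching the submitted user name and
	// password and, on a match, marks the session as authenticated.
	//
	// $username, $password and $db are not assigned in this file; presumably the
	// including script provides them -- TODO confirm whether they are escaped.
	//
	// NOTE(review): both values are concatenated into SQL text. Unless they are
	// escaped upstream this query is injectable, which on a login check means an
	// authentication bypass. Use bound parameters if the $db wrapper offers them.
	// NOTE(review): the password is compared inside SQL against the stored
	// column, i.e. passwords are kept in plaintext and the comparison follows
	// the column collation. No attempt limit or lockout is visible here.
	$sql="SELECT * FROM oecms_user WHERE username='".$username."' AND password='".$password."'";
	$res=$db->checkdata($sql);
	if($res == true){
		// Swap the session id at the privilege change so an id that was known
		// before authentication cannot be reused afterwards (session fixation).
		if(session_id() !== '' && !headers_sent()){
			session_regenerate_id(true);
		}

		$_SESSION['username'] = $username;
		$sql="SELECT * FROM oecms_user where username='".$username."'";
		$rs=$db->get_one($sql);
		$_SESSION['userid']=$rs['id'];
		$_SESSION['lgintime']=time();
		Core_Command::runlog("user","[".$username."]登录成功",1);
		// NOTE(review): the second argument comes straight from the request
		// ("targeturl"). If halt() redirects to it unchanged this is an open
		// redirect; restrict it to same-site paths -- confirm halt() behaviour.
		Core_Fun::halt("[".$_SESSION['username']."]登录成功",Core_Fun::rec_post("targeturl"),0);
	}else{
		Core_Fun::halt("用户名或密码错误，请重新登录",Core_Fun::rec_post("targeturl"),1);
	}
}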

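if($action == "quit"){
	// Logout handler: drops every key the login/registration handlers set.
	// 'lgintime' was previously left behind. Other session data is kept.
	unset($_SESSION["username"], $_SESSION["userid"], $_SESSION["lgintime"]);

	// Retire the session id that was bound to the authenticated state.
	if(session_id() !== '' && !headers_sent()){
		session_regenerate_id(true);
	}

	// NOTE(review): "targeturl" is request-supplied; if halt() redirects to it
	// unchanged this is an open redirect -- confirm and restrict to local paths.
	Core_Fun::halt("您已经退出登录",Core_Fun::rec_post("targeturl"),0);
}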

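if($action == "reset"){
	// Password-reset request handler: looks the account up by user name, stores
	// a one-off key in oecms_user.ckey and e-mails a link whose ckey parameter
	// is base64("username.key.userid").
	//
	// $username, $website and $db are not assigned in this file; presumably the
	// including script provides them -- TODO confirm.
	//
	// NOTE(review): $username is concatenated into SQL text; injectable unless
	// escaped upstream. Use bound parameters if the $db wrapper offers them.
	// NOTE(review): the two distinct error messages below tell the caller
	// whether a user name exists and whether it has an e-mail address on file.
	$sql="SELECT * FROM oecms_user WHERE username='".$username."'";
	$res=$db->get_one($sql);
	if(!$res){
		Core_Fun::halt("没有这个用户，请重新输入！","",1);
		exit;
	}
	$userid=$res['id'];
	$email=$res['email'];
	if($email == ""){
		Core_Fun::halt("用户没有登记邮箱，无法找回密码，请联系网站管理员！","index.php",1);
		exit;
	}

	// The key used to be md5(username.'+'.password): identical on every request
	// and computable by anyone who can read the user table. Draw it from the
	// system CSPRNG instead. 16 bytes hex-encode to 32 characters, the same
	// width as the md5 value the ckey column already stores.
	$raw = false;
	if(function_exists('random_bytes')){
		$raw = random_bytes(16);
	}elseif(function_exists('openssl_random_pseudo_bytes')){
		$raw = openssl_random_pseudo_bytes(16);
	}
	if($raw !== false && strlen($raw) === 16){
		$ckey = bin2hex($raw);
	}else{
		// Last resort for runtimes with neither source. NOT cryptographically
		// strong; it only stops the key from repeating between requests.
		$ckey = md5(uniqid(mt_rand(), true).$username.'+'.$res['password']);
	}
	// NOTE(review): the key has no expiry; it stays valid until it is used.
	$string=base64_encode($username.'.'.$ckey.'.'.$userid);
	// base64 output can contain '+', '/' and '=', so it must be URL-encoded or
	// the link can arrive corrupted ('+' is read back as a space).
	$link=$website."user.php?mod=cgpw&ckey=".urlencode($string);

	$array = array(
		'ckey' => $ckey,
	);
	$res = $db->update('oecms_user',$array,"id='".$userid."'");
	if($res){
		$mail = new PHPMailer();
		$mail->SetLanguage("zh_cn", "/source/core/");

		// NOTE(review): the SMTP account and password are hard-coded in source.
		// Rotate this credential and load it from configuration kept outside
		// the repository and the web root.
		// NOTE(review): no SMTPSecure setting is applied, so the SMTP login
		// presumably travels without TLS -- confirm.
		$mail->IsSMTP();
		$mail->Host = "smtp.qq.com";
		$mail->SMTPAuth = true;
		$mail->Username = "1480043796@qq.com";
		$mail->Password = "a19880421";
		$mail->CharSet = "UTF-8";
		$mail->Encoding = "base64";
		$mail->From = "1480043796@qq.com";
		$mail->FromName = "xxw";
		$mail->AddAddress($email, $username);

		$mail->WordWrap = 50;
		$mail->IsHTML(true);

		$mail->Subject = "周易网密码重置";
		$mail->Body    = "尊敬的用户，请点击<a href='".$link."'>这里</a>重置密码。<p>或者复制下面一行到浏览器地址栏中。</p><p>".$link."</p>";
		$mail->AltBody = "This is the body in plain text for non-HTML mail clients";

		if($mail->Send())
		{
			Core_Fun::halt("密码重置邮件已经发送到您注册邮箱，请查收！","index.php",0);
		}
		else
		{
			// A failed send used to end the request with no feedback at all.
			Core_Fun::halt("密码重置邮件发送失败，请稍后再试！","index.php",1);
		}
	}
}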
	
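if($action == "cgpw"){
	// Password-reset completion handler: checks the e-mailed token against the
	// key stored for the account, then sets the new password, clears the key
	// and signs the user in.
	//
	// $password, $confirm_password, $url and $db are not assigned in this file;
	// presumably the including script provides them -- TODO confirm.
	//
	// Token layout written by the "reset" handler: base64("username.key.userid").
	// The user name may itself contain '.', so the fields are taken from the
	// right-hand end.
	$parts = explode('.', (string)base64_decode($ckey));
	$row = false;
	$token_uid = '';
	$token_ok = false;
	if(count($parts) >= 3){
		$token_uid = array_pop($parts);
		$token_key = array_pop($parts);
		// Digits only: the id goes into SQL text below. Assumes oecms_user.id is
		// numeric (the profile-update handler uses it unquoted).
		if($token_key !== '' && preg_match('/\A[0-9]+\z/', $token_uid)){
			$row = $db->get_one("SELECT * FROM oecms_user WHERE id='".$token_uid."'");
			// An empty stored key means no reset is pending (it is cleared on
			// success below), so it must never match.
			if($row && (string)$row['ckey'] !== ''){
				$stored = (string)$row['ckey'];
				$token_ok = function_exists('hash_equals')
					? hash_equals($stored, $token_key)
					: ($stored === $token_key);
			}
		}
	}
	if(!$token_ok){
		// The previous code never compared the token with the stored key: the
		// account id was taken from the request-supplied token alone, so the
		// password of any account could be replaced without a valid reset link.
		Core_Fun::halt("重置链接无效或已失效，请重新申请！","index.php","1");
		exit;
	}

	if($password == "" || $confirm_password == ""){
		Core_Fun::halt("密码不能为空！",$url,"1");
		exit;
	}
	if($password !== $confirm_password){
		// URL-encode the token: base64 may contain '+', '/' and '='.
		$url="/user.php?mod=cgpw&ckey=".urlencode($ckey);
		Core_Fun::halt("两次输入的密码不一致请重新输入！",$url,"1");
	}else{
		// NOTE(review): the new password is stored as submitted (plaintext) and
		// the 6..12 length rule applied at registration is not enforced here.
		$newarray=array(
			"password"=>$password,
			"ckey"=>"",
		);
		$res=$db->update("oecms_user",$newarray,"id='".$token_uid."'");
		if($res){
			// Fresh session id for the newly authenticated session.
			if(session_id() !== '' && !headers_sent()){
				session_regenerate_id(true);
			}
			// Identity comes from the database row, not from the token.
			$_SESSION['username']=$row['username'];
			$_SESSION['userid']=$row['id'];
			$_SESSION['lgintime']=time();
			Core_Fun::halt("密码重置成功！","index.php","0");
		}
	}
}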
?>